<?php
require_once('Extension/Controller/Plugin/Abstract.php');

class Extension_Controller_Plugin_Web_Acl extends Extension_Controller_Plugin_Abstract
{
    //public function routeStartup(Zend_Controller_Request_Abstract $request) {}
    //public function routeShutdown(Zend_Controller_Request_Abstract $request) {}

    public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
    {
        self::initAcl($request);
    }
    
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        self::accessControl($request);
    }

    //public function postDispatch(Zend_Controller_Request_Abstract $request) {}
    //public function dispatchLoopShutdown() {}


    /**
     * Acl
     * 
     */
    public static function initAcl(Zend_Controller_Request_Abstract $request)
    {
        $config = Zend::initConfig('Acl');
        $roles = $config->roles;
        $acl = new Zend_Acl();
        
        foreach ($roles as $role => $parents) {
            if (!$acl->hasRole($role)) {
                $parents = empty($parents) ? null : explode(',', $parents);
                $acl->addRole(new Zend_Acl_Role($role), $parents);
            }
        }

        $functionUser = new Core_Model_Function_User();

        $namespace = Zend::initConfig('Session')->namespace->acl;
        $session = Zend::initSession($namespace);
        $session->role = $functionUser->getUserRole();
        $session->lock();

        $controller = $request->getControllerName();

        $acl->add(new Zend_Acl_Resource('post'));
        $acl->deny('guest', 'post');
        $acl->allow('editor', 'post');

        if(false == $acl->has($controller)) {
            $acl->add(new Zend_Acl_Resource($controller));
            $acl->allow('guest', $controller);
        }

        Zend_Registry::set('acl', $acl);
        return $acl;
    }


    public static function accessControl(Zend_Controller_Request_Abstract $request)
    {
        if (!Zend_Registry::isRegistered('acl')) {
            $acl = self::initAcl();
        }

        $acl = Zend_Registry::get('acl');

        $controller = $request->getControllerName();
        $action = $request->getActionName();
        
        $config = Zend::initConfig('Acl');

        $namespace = Zend::initConfig('Session')->namespace->acl;
        $session = Zend::initSession($namespace);
        $role = $session->role;

        if ($acl->isAllowed($role, $controller, $action)) {
            //$layout = Zend_Layout::getMvcInstance()->assign('helperMessage', "role : $role<br />$controller -> $action allow");
        } else {
            $flashMessenger = Zend_Controller_Action_HelperBroker::getStaticHelper('FlashMessenger');
            $flashMessenger->setNamespace('index')->addMessage("I am sorry, $role is not allow to perform this action.");
            $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
            $redirector->gotoUrlAndExit('/admin');
        }
    }

}